Rant Wednesday! Networking
- Rant Wednesday!
- For those that HAVE to use Firepower...
- Am I configuring this multihoming correctly?
- Specifying USA Equipment Advice
- WAN - Mount Network Drive - High Latency High Bandwidth situation
- Aruba 2930F VSF VLAN-MAD
- TCP Quality Analysis tools/reading?
- Web Filter Recommendations
- Slow connection to shared drives
- DR/DR Testing made easy?
- Outdoor AP or Repeater
- Monitoring network connection from CCTV system
- Increase file transfer speeds over the network?
- Meraki APs dead after lightning storm
- What is the IPSEC VPN Tunnel configuration of Cisco 1100 Series (C1100-4P)?
- Netally G2
- Increased AnyConnect attacks?
- iBGP Route Redistribution of eBGP routes
- Cisco vs Arista cost comparison
- [Question] DSL help? 4-pair G.SHDSL card connecting to G.SHDSL? Wire splicing into RJ45 plug?
- Weird ESXi HTTPS Issue
- What are some good python for network engineer courses, besides Kirk Byers?
- Juniper MX map multiple inner tags to one outer tag
- Clearing Solarwinds kiwi CatTools database
- Network design for new servers and switches. Design check and advice
Posted: 01 Jun 2021 05:00 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it. [link] [comments]
For those that HAVE to use Firepower... Posted: 02 Jun 2021 04:16 AM PDT It seems nobody would choose to run Cisco Firepower these days, but if you're one of those who would, or that decision's already been made for you... Why not avoid the terrible GUI or terrible CLI by using my https://github.com/certanet/firepyer It's a wrapper for the FTD API when running in FDM mode (not FMC). It returns native Python objects (dicts, lists etc.) rather than modelling the API objects to custom classes and doesn't have major coverage, as I've only added the few endpoints I needed to use in my spare time, but if there's something missing that you need or have any feedback let me know! Some docs and examples are here [link] [comments]
Am I configuring this multihoming correctly? Posted: 02 Jun 2021 10:42 AM PDT BGP peering to the Internet is a bit new to me. I've used it with our MPLS providers and a little bit internally, but that's about it. Our primary DC has 2 ISPs and 2 routers. Each router only has one ISP. Currently we have a /26 from each ISP. We also now have a /22 assigned to us by ARIN. I'm working on a project to start using our portable space and advertise it out both ISPs. We'll be slowly migrating things from the carrier address spaces to our address space. We'll also still use the /26s for specific things like SD-WAN. Our secondary DC will eventually mirror this. I'm wondering whether the way I'm planning to configure this is proper or if I'm way off base here. On each router I'm planning to configure 2 sub-interfaces, one for the ISP-specific /26 and one for a /24 of our PA space. The /24 interface will use HSRP between the 2 routers. I'll also have a direct connection between the routers for iBGP. We'll BGP peer with both providers, advertise our space and receive a default + ISP connected routes, not a full table. We have various devices (Palo Alto, F5, and some yet-to-be-determined SD-WAN) that will connect to the sub-interfaces. Static routes will be used on those to the routers. I'll use PBR on the routers to force traffic on the /26 subnets to use the correct ISP and rely on BGP to route traffic to/from the PA space. Is there anything I'm missing here? Am I overcomplicating it at all? [link] [comments]
Specifying USA Equipment Advice Posted: 02 Jun 2021 04:32 PM PDT A consultant is designing a new building comm for my company. I have a chance to provide input on desired manufacturer of racks, cable, fiber, etc. This is a little out of my area of expertise; I usually order switches, routers, servers, etc. Mostly I want it to be good quality and made in USA. Here is what I have come up with. Any advice or anything to add/remove? Fiber: Corning, OFS, Mouser; CAT6: Corning; Racks: APC; Power Distribution: Starline Systems, APC, Phoenix [link] [comments]
WAN - Mount Network Drive - High Latency High Bandwidth situation Posted: 02 Jun 2021 12:22 PM PDT What is the best method to set up a file server for high-latency, high-bandwidth connections for Windows? Having a mapped drive letter in Windows is a requirement for this specific use case. In my particular use case, 3 users need to be able to connect to a common file server for work. The 3 users need to be able to map a network drive to a letter. There are 4 machines in this situation: the file server, Machine A, Machine B and Machine C, all running the same (latest) version of Windows 10. ZeroTier VPN has been installed on all 4 machines. The latency between the server and the devices is as follows: Server to Machine A - 5 ms ping; Server to Machine B - 50 ms ping; Server to Machine C - 220 ms ping. All 4 machines have a wired internet connection of 500 Mbps (each). I understand the limitations of SMB file transfers over high latency, which is why I wanted to know what the best alternative (or fix) is for my particular situation. The transfer speeds between the server and the devices are as follows: Server to Machine A - 480 Mbps; Server to Machine B - 25 Mbps; Server to Machine C - 2 Mbps. Please let me know (in detail if possible) how I can map the server's network share folder to these 3 machines as a mapped drive letter, but increase the speed. Machine A is perfect, but Machine B and Machine C are too slow to be able to work effectively. PS - I am open to trying any fix, including VMs, provided the 4 machines can continue to run Windows and A, B and C can all have the same mapped drive letter to the server. Thanks! [link] [comments]
Aruba 2930F VSF VLAN-MAD Posted: 02 Jun 2021 11:25 AM PDT I have configured VSF successfully with a stack of 4 2930F switches. I am now trying to configure MAD. With a 4-switch stack I need to use VLAN-MAD. I am confused as to how this topology would work. Each of my stacks is in a closet with a single fiber uplink to the core switch. The VLAN-MAD configuration needs to have one port on each switch in the stack connected to a device outside of the stack. These VLAN-MAD ports need to be configured as an untagged port on the assigned VLAN-MAD VLAN. I don't have the option to run multiple connections from each switch back to the core switch. How is this normally handled? [link] [comments]
TCP Quality Analysis tools/reading? Posted: 02 Jun 2021 10:44 AM PDT I've got a remote user who recently got T-Mobile 5G home internet and it is not playing nice with our VPN. I've used both ZeroTier and WireGuard tunnels (both UDP) to our main site, along with some other point-to-point locations, to test performance. I set up a couple of ad-hoc iperf3 servers to test connection quality and found that TCP over the tunnels is extremely unreliable. Both behaved roughly the same. I even set up an iperf3 server on a public IP temporarily at our main site, which we were testing the tunnels to, to test performance outside the tunnel. TCP outside the VPN tunnel is fine. UDP seems to be being bandwidth-limited artificially, as we saw massive yet steady packet loss for moderate-bandwidth tests well below "provisioned" rates. I'm almost positive the packet loss on the VPN UDP packets is causing the TCP dynamics to go haywire. We tested UDP streams within the tunnel and while bandwidth was not great, it was steady. I know about the famous "TCP meltdown" for TCP tunnels, but I am unsure how, or if, it would be possible to observe/visualize this kind of failure happening. Is there some graph/view in Wireshark, some other tool, or some reading I can do that might help me understand how this is behaving? I've not had much luck googling for TCP analysis guides/tools. I'm not asking for a solution to the user's home network problem, rather about how to observe the qualities of a TCP connection, so I hope this does not run afoul of rule #1. [link] [comments]
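Added example, not part of the post above: the events the poster wants to see (retransmissions, duplicate ACKs, RTT samples that vanish while loss is being recovered) can be counted straight from a per-stream packet list. Wireshark marks the same things with the display filters tcp.analysis.retransmission and tcp.analysis.duplicate_ack and plots them under Statistics > TCP Stream Graphs; the Python below reimplements a simplified version of that bookkeeping. The trace it runs over is constructed (timestamps, sequence numbers and directions are made up, not captured from the poster's tunnel), and the classification rules are a reduced form of Wireshark's, not its actual code.

```python
"""Per-stream TCP health from a packet list: in-order vs retransmitted vs
out-of-order data, duplicate ACKs, and RTT samples (Karn's rule: no sample
for anything outstanding once a retransmission is seen). Added example, not
from the post; the trace in sample_trace() is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Seg:
    t_ms: int          # capture time, milliseconds
    direction: str     # "c2s" (client to server) or "s2c"
    seq: int           # first payload byte (relative seq, as Wireshark shows)
    payload: int       # payload length; 0 for a pure ACK
    ack: int           # acknowledgement number carried by this segment


OPPOSITE = {"c2s": "s2c", "s2c": "c2s"}


@dataclass
class StreamStats:
    data_segments: int = 0
    retransmissions: int = 0
    gaps: int = 0               # seq jumped ahead: a segment was lost or not captured
    dup_acks: int = 0
    rtt_samples_ms: List[int] = field(default_factory=list)
    events: List[str] = field(default_factory=list)

    @property
    def retransmission_ratio(self) -> float:
        return self.retransmissions / self.data_segments if self.data_segments else 0.0


def analyze_stream(segs: List[Seg]) -> StreamStats:
    st = StreamStats()
    next_seq: Dict[str, Optional[int]] = {"c2s": None, "s2c": None}
    # outstanding data per sender: (end_seq, t_sent_ms, ambiguous_for_rtt)
    unacked: Dict[str, List[Tuple[int, int, bool]]] = {"c2s": [], "s2c": []}
    last_ack: Dict[str, Optional[int]] = {"c2s": None, "s2c": None}

    for s in sorted(segs, key=lambda x: x.t_ms):
        d = s.direction
        if s.payload > 0:
            st.data_segments += 1
            end = s.seq + s.payload
            expected = next_seq[d]
            if expected is None or s.seq == expected:
                next_seq[d] = end
                unacked[d].append((end, s.t_ms, False))
                st.events.append(f"{s.t_ms}ms {d} seq={s.seq} in-order")
            elif s.seq < expected:
                st.retransmissions += 1
                # Karn: a retransmission makes every outstanding RTT sample ambiguous
                unacked[d] = [(e, t, True) for e, t, _ in unacked[d]]
                next_seq[d] = max(expected, end)
                st.events.append(f"{s.t_ms}ms {d} seq={s.seq} RETRANSMISSION")
            else:
                st.gaps += 1
                next_seq[d] = end
                unacked[d].append((end, s.t_ms, False))
                st.events.append(f"{s.t_ms}ms {d} seq={s.seq} GAP (expected {expected})")
        else:
            # a pure ACK repeating the previous ACK number is a duplicate ACK
            if last_ack[d] == s.ack:
                st.dup_acks += 1
                st.events.append(f"{s.t_ms}ms {d} ack={s.ack} DUP-ACK")
            last_ack[d] = s.ack
        # whatever this segment acknowledges retires the peer's outstanding data
        peer = OPPOSITE[d]
        still = []
        for end, t_sent, ambiguous in unacked[peer]:
            if end <= s.ack:
                if not ambiguous:
                    st.rtt_samples_ms.append(s.t_ms - t_sent)
            else:
                still.append((end, t_sent, ambiguous))
        unacked[peer] = still
    return st


def sample_trace() -> List[Seg]:
    """Constructed: client sends 3 segments, the 2nd is lost in the tunnel,
    the server duplicate-ACKs, the client retransmits after an RTO, then recovers."""
    return [
        Seg(0, "c2s", 1, 1000, 1),
        Seg(10, "c2s", 1001, 1000, 1),
        Seg(20, "c2s", 2001, 1000, 1),
        Seg(50, "s2c", 1, 0, 1001),
        Seg(60, "s2c", 1, 0, 1001),
        Seg(70, "s2c", 1, 0, 1001),
        Seg(250, "c2s", 1001, 1000, 1),
        Seg(300, "s2c", 1, 0, 3001),
        Seg(310, "c2s", 3001, 1000, 1),
        Seg(360, "s2c", 1, 0, 4001),
    ]


if __name__ == "__main__":
    stats = analyze_stream(sample_trace())
    for e in stats.events:
        print(e)
    print(f"retransmission ratio {stats.retransmission_ratio:.0%}, "
          f"dup ACKs {stats.dup_acks}, RTT samples {stats.rtt_samples_ms} ms")
```

Feed it the (time, direction, seq, length, ack) tuples of one stream exported from a capture taken inside the tunnel, then the same for a capture outside it: a retransmission ratio and duplicate-ACK count that are high only inside the tunnel, sitting on top of the steady UDP loss the poster already measured, is the failure made visible as numbers rather than as "TCP feels slow".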
Web Filter Recommendations Posted: 02 Jun 2021 09:49 AM PDT I am looking for a decent web filter product. We need to filter inside LAN users and log web traffic and tie it to their AD accounts. We also need to filter some outside guest subnets that also hit our same Internet connection via different interfaces on the ASA. Any suggestions? I'm not sure what's out there, but I am looking for something robust. IT wants to use it for cybersecurity purposes and management wants to block inappropriate sites as well as monitor employee web activity. [link] [comments]
Slow connection to shared drives Posted: 02 Jun 2021 01:12 PM PDT Hey everyone! I'm currently troubleshooting an issue someone in my office is having. When he tries to access the shared drives we have on our network, it's extremely slow, but his internet connection is fast. This issue isn't presenting on any of the other computers in the office. It also doesn't present when the same computer/user is connected to the network remotely through a VPN. The computer is Win10, running version 2009. We've tried pinging and tracerting the server from the affected computer and the numbers look very normal; there doesn't seem to be anything weird. I've checked the connections that correspond to his office in the server room and everything seems fine there as well. Has anyone been faced with this issue? What was your solution? This is the only computer out of around 15 in this office, and the only one I'm aware of out of 500 in the company, that is presenting with this issue. Thanks in advance. [link] [comments]
DR/DR Testing made easy? Posted: 02 Jun 2021 11:53 AM PDT I don't come from a systems background; however, I've worked with some admins that manage SRM, and it seems to me that one of the biggest challenges is DR and DR testing. My current and previous employer had a re-IP strategy, and if I had to guess, I'd say this was due to not having a strategic VLAN segmentation. It worked great once all the direct-IP references were replaced with hostnames, but there were still other steps (FW rules, NATs) that all needed to be set up to accommodate a re-IP. Just thinking from a network perspective: if you had a fresh stab at a design, would it make sense to just put each application in its own VLAN, then just down the SVIs and up them at the DR site when the app is SRM'd? Are there any downfalls to implementing a VLAN strategy such as this, outside of probably needing to gatekeep the IPAM? (I say this because I'm sure at some point someone will fuck up and put a dependent server in the wrong VLAN.) [link] [comments]
Outdoor AP or Repeater Posted: 02 Jun 2021 11:26 AM PDT I'm having trouble finding a device that will do what I need it to. I work for a restaurant group and we are opening new restaurants every week. We have a job site trailer placed on the property ahead of time where admin and hiring processes take place during construction. I don't know if there is a device capable of repeating the internal WiFi without having a direct connection to the switch inside. Unsurprisingly, we are having issues with range due to the "office" being a metal box. Any ideas? [link] [comments]
Monitoring network connection from CCTV system Posted: 02 Jun 2021 11:16 AM PDT I have a CCTV system that uses emails to send notifications to a monitoring company upon detection of a person. Currently it uses a Gmail account to send the email. Most of the time it works fine, but I have noticed that occasionally it can't connect to the email server. When I try to test the connection, it says test failed. Is there a way to monitor the connection between my CCTV system and my router? I thought about connecting my laptop to the Wi-Fi and sharing the internet connection with the CCTV system via an Ethernet cable; that way all the traffic would need to pass through my laptop and I could potentially monitor it for issues. Would I need additional software to do something like this? Any guidance would be appreciated. [link] [comments]
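Added example, not from the post: rather than routing the camera's traffic through a laptop, a small probe run from any host on the same LAN can log whether the SMTP path fails and at which step (DNS lookup, TCP connect, EHLO, STARTTLS), which is usually enough to tell a flaky DNS resolver from an upstream block on port 587 or a TLS problem. The Python below assumes the probe host shares the camera's gateway and DNS (an assumption, not something the post states), targets smtp.gmail.com on the submission port because the post names a Gmail account, and never logs in, so no credentials are involved.

```python
"""SMTP reachability probe that records the stage at which the mail path
fails. Added example, not from the post. Assumptions: the probe host shares
the camera's gateway and DNS, the target is smtp.gmail.com:587 because the
post names a Gmail account, and no login is attempted."""
import smtplib
import socket
import ssl
import time
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

STAGES = ("dns", "connect", "ehlo", "starttls", "done")


@dataclass
class ProbeResult:
    host: str
    port: int
    ok: bool
    stage: str                      # last stage reached; "done" means success
    elapsed_ms: int
    error: Optional[str] = None
    tls_version: Optional[str] = None


def probe_smtp(host: str, port: int = 587, timeout: float = 5.0) -> ProbeResult:
    """Resolve, connect, EHLO, STARTTLS; stop at the first failing stage."""
    t0 = time.monotonic()
    stage, ok, err, tls_version = "dns", False, None, None
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        stage = "connect"
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:   # TCP connect + 220 banner
            stage = "ehlo"
            code, _ = smtp.ehlo("probe.example")   # placeholder client hostname
            if code != 250:
                raise smtplib.SMTPException(f"EHLO rejected with {code}")
            stage = "starttls"
            smtp.starttls(context=ssl.create_default_context())  # verifies the server cert
            tls_version = smtp.sock.version()
            stage = "done"
        ok = True
    except (OSError, smtplib.SMTPException) as exc:   # ssl.SSLError is an OSError subclass
        err = f"{type(exc).__name__}: {exc}"
    return ProbeResult(host, port, ok, stage, int((time.monotonic() - t0) * 1000), err, tls_version)


def run_probes(host: str, port: int = 587, count: int = 3,
               interval_s: float = 0.0, timeout: float = 5.0) -> List[ProbeResult]:
    """Probe repeatedly; intermittent failures show up as a mix of outcomes."""
    results = []
    for i in range(count):
        results.append(probe_smtp(host, port, timeout))
        if interval_s and i < count - 1:
            time.sleep(interval_s)
    return results


def summarize(results: List[ProbeResult]) -> Dict[str, int]:
    """Outcomes counted by the stage where each probe stopped ("done" = success)."""
    return dict(Counter(r.stage for r in results))


if __name__ == "__main__":
    # Stand-alone use: probe Gmail's submission port once a minute for an hour
    # and print each failure with the stage it failed at.
    runs = run_probes("smtp.gmail.com", 587, count=60, interval_s=60)
    for r in runs:
        if not r.ok:
            print(f"{r.stage} failed after {r.elapsed_ms} ms: {r.error}")
    print(summarize(runs))
```

If the probe host sees failures at the "connect" stage at the same times the camera reports "test failed", the problem is on the LAN or the uplink, not in the camera; if the probe is clean while the camera still fails, the camera's own DNS or TLS settings (Gmail requires STARTTLS on 587 and an app password for the account) are the next thing to check.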
Increase file transfer speeds over the network? Posted: 02 Jun 2021 11:14 AM PDT Hey everyone, my sysadmin guys run backups weekly from our main HQ to a backup DR site. The main circuit at HQ is a 500 Mb circuit and the DR site is a 100 Mb circuit. They're complaining about slow file transfer speeds (19 Mbps) when performing backups. What are some things you'd check on the network side to see where a bottleneck may lie within the network? The first thing I think of would be to perform a traceroute and see if any latency issues jump out at me. Any help is appreciated! [link] [comments]
Meraki APs dead after lightning storm Posted: 02 Jun 2021 10:23 AM PDT We had a giant lightning strike nearby and lost visibility of all MR45 APs on our Meraki dashboard. We found that each PoE switch that the APs were connected to needed replacing. Some were no longer getting power, others were just malfunctioning with lights going crazy on them. We replaced the switches and out of the 12 APs, 8 came back up but 4 did not. If the switches were on power surge protectors and the surge protectors looked good (all LEDs indicated no surge), how would some APs survive and others get fried, and how would all the switches get fried if on surge protection? Can the antenna in the AP take the strike and channel the surge down to the switch it's connected to, but not make it to the surge protector? [link] [comments]
What is the IPSEC VPN Tunnel configuration of Cisco 1100 Series (C1100-4P)? Posted: 02 Jun 2021 10:03 AM PDT What is the IPSEC VPN tunnel configuration of the Cisco 1100 Series (C1100-4P)? 1) ACL 2) ISAKMP policy (Phase 1) and ISAKMP key 3) IPSEC transform set (Phase 2) 4) Crypto map 5) Apply the crypto map. It's really hard to get the IPSEC configuration guideline for the C1111-4P router online. Can anyone help with this? I would very much appreciate it, and thank you very much. [link] [comments]
Netally G2 Posted: 02 Jun 2021 09:52 AM PDT Has anyone had any luck with off-brand SFPs for 100Mb and 1Gb SM fiber in the NetAlly G2s? NetAlly's $2500 SMF SFP is not something I want to buy if I can find the Finisar they rebranded for $200 :) Thanks! [link] [comments]
Increased AnyConnect attacks? Posted: 02 Jun 2021 09:13 AM PDT Curious if anyone has seen a ramp-up in brute-force attacks against AnyConnect logins? Since mid-May we are seeing large-scale brute-force attempts out of Russia/Cyprus against Cisco ASA/FTD running AnyConnect. I know of the recent CVE about SYSTEM-level access through a vulnerable client, but it requires valid credentials, which may be what they are fishing for. Curious if anyone else has seen this behavior in their environments and if there is something big coming from Cisco. I am dreading a new zero-day that we'll frantically need to patch because Cisco finally went public after Talos saw large-scale exploitation in the wild... [link] [comments]
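Added example, not from the post: when the ASA sends syslog to a collector, the attempts the poster describes appear as repeated %ASA-6-113005 (external AAA server) or %ASA-6-113015 (local database) "AAA user authentication Rejected" messages from the same source IP, and a password spray shows as many distinct usernames from one IP rather than many passwords for one user. The Python below parses constructed sample lines in those message formats (hostnames, users, IPs and the year handed to the timestamp parser are placeholders; ASA syslog carries no year) and raises one alert when a source IP crosses a failure threshold inside a sliding window. Thresholds are assumptions to tune, not Cisco defaults.

```python
"""Sliding-window brute-force / password-spray detector for Cisco ASA
AAA-rejection syslog. Added example, not from the post. The sample lines are
constructed in the documented 113005/113015/113039 message formats; source
IPs, usernames and the year passed to the parser are placeholders."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Deque, Dict, List

# Constructed sample: one IP tries five accounts in ten seconds (spray), one
# user mistypes once then logs in, and the spraying IP returns ten minutes later.
SAMPLE_SYSLOG = """\
Jun  2 09:00:01 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
Jun  2 09:00:03 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = bob : user IP = 198.51.100.7
Jun  2 09:00:05 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 198.51.100.7
Jun  2 09:00:08 fw1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = dave : user IP = 198.51.100.7
Jun  2 09:00:10 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = erin : user IP = 198.51.100.7
Jun  2 09:00:40 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 203.0.113.9
Jun  2 09:00:41 fw1 %ASA-6-113039: Group <RA-VPN> User <alice> IP <203.0.113.9> AnyConnect parent session started.
Jun  2 09:10:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 198.51.100.7
"""

# Matches 113005 (external AAA server) and 113015 (local database) rejections.
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ %ASA-\d-1130(?:05|15): "
    r"AAA user authentication Rejected : reason = (?P<reason>.+?) : "
    r"(?:server = \S+|local database) : user = (?P<user>\S+) : user IP = (?P<ip>\S+)$"
)


@dataclass
class Failure:
    ts: datetime
    ip: str
    user: str
    reason: str


@dataclass
class Alert:
    ip: str
    first_seen: datetime
    last_seen: datetime
    failures: int
    distinct_users: int
    spray: bool


def parse_failures(text: str, year: int = 2021) -> List[Failure]:
    """Extract rejections; successes (113039) and unrelated lines are skipped."""
    out = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # ASA syslog has no year; 'year' is an assumption supplied by the caller
        ts = datetime.strptime(f"{year} " + " ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
        out.append(Failure(ts, m["ip"], m["user"], m["reason"]))
    return out


def detect_bruteforce(failures: List[Failure], window_s: int = 300,
                      threshold: int = 5, spray_users: int = 3) -> List[Alert]:
    """Alert once per source IP each time its failures in the window reach the threshold."""
    windows: Dict[str, Deque[Failure]] = defaultdict(deque)
    alerts: List[Alert] = []
    for f in sorted(failures, key=lambda x: x.ts):
        q = windows[f.ip]
        q.append(f)
        while (f.ts - q[0].ts).total_seconds() > window_s:   # evict events outside the window
            q.popleft()
        if len(q) == threshold:                               # fires on the crossing, not on every extra failure
            users = {x.user for x in q}
            alerts.append(Alert(f.ip, q[0].ts, f.ts, len(q), len(users), len(users) >= spray_users))
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(parse_failures(SAMPLE_SYSLOG)):
        kind = "password spray" if a.spray else "brute force"
        print(f"{kind}: {a.ip} {a.failures} failures ({a.distinct_users} users) "
              f"between {a.first_seen:%H:%M:%S} and {a.last_seen:%H:%M:%S}")
```

Point it at the collector's ASA log (the lines must keep the ASA's own "reason = ... : user = ... : user IP = ..." layout, which is what the regex keys on); an alert with a high distinct-user count is the spray pattern, and since the client CVE the poster mentions needs a valid credential first, MFA on the AnyConnect tunnel-group matters more than the lockout threshold. For an active source, ASA's shun command drops its traffic at the box until you clear it.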
iBGP Route Redistribution of eBGP routes Posted: 02 Jun 2021 08:57 AM PDT BGP novice here, trying to figure out where I'm going wrong with this. Through poor design, I'm staring at a router with 2 virtual routers on it. One virtual router is the "Edge" vRouter when interacting with vendors, the other is for internal traffic. One of our vendors is asking to do a BGP peering session with us. This is the first time we've been asked to do BGP on this particular router. However, we already have iBGP running, but all it does currently is route redistribution of internal to our OSPF. Anticipated mock up: I've labbed this up already and am having trouble with the following:
Our router is a Palo Alto running PAN-OS 9.1.8. The only way to do vRouter to vRouter is via BGP OR using a physical interface assigned to each vRouter (all our interfaces are taken, and I don't want to add another VLAN to our switch stack for a subinterface if I can avoid it, as well as it would potentially cause a larger issue with our existing network infrastructure). This is one of those problems where I'm sure it's been done before, but I have been unable to find the answer so far. TIA! [link] [comments]
Cisco vs Arista cost comparison Posted: 02 Jun 2021 07:46 AM PDT If you have a multi-vendor environment (Cisco and Arista) then you can probably help me in getting this cost comparison. I am trying to compare total cost of ownership for a data center switch (with 3 years of support) between these two vendors. We are a Cisco shop as far as routing and switching is concerned. I am trying to understand where Arista stands in terms of cost for a comparable DC switch. For comparison purposes we can assume a switch with 48 10GE ports and 4 40GE UL ports. Also assuming we are not including any orchestration system or other fancy management software costs. I am not looking for any detailed analysis, just a ballpark number like whether Arista would be x percent cheaper/more expensive, etc. Thanks, [link] [comments]
[Question] DSL help? 4-pair G.SHDSL card connecting to G.SHDSL? Wire splicing into RJ45 plug? Posted: 02 Jun 2021 07:27 AM PDT I'm trying to figure out DSL and there seems to be very little out there on it. Specifically, I'm trying to make sense of this document: https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/GSHDSL_EFM_ATM_NIM.html#68879 If I have 2-pair copper running from a spoke to a DSL hub, can I terminate (4) spokes on one hub using a NIM-4SHDSL-EA card (4-pair G.SHDSL) at the hub? Would I have to wire in 4 sets of 2-pair copper into the RJ45? [link] [comments]
Weird ESXi HTTPS Issue Posted: 02 Jun 2021 06:29 AM PDT So we have 2 subnets behind a firewall: Production (.1) and Development (.2). We're accessing them both via an OpenVPN server in the following manner: (1) Client connects to VPN server (192.168.1.10) with NAT'd IP address (1.1.1.10) (2) Firewall does the NAT'ing (3) Client establishes the tunnel to the VPN server, which then provides access to 192.168.1.0/24 and 192.168.2.0/24. As a client, I can ping anything on both subnets. In terms of services, everything seems to be working fine. More specifically to this issue, I can access all services on both subnets that run HTTPS, such as iDRAC, cameras, switches, routers, Splunk, etc. I can also access the ESXi web interfaces on the Production subnet. However, when I try to access one on the Development subnet, the ESXi web interface loads endlessly. Note that the same ESXi web interface is accessible immediately after reboot, but then "loses connectivity" after a couple of minutes. Also note that I can always ping and SSH into that same ESXi. Been trying to wrap my head around this for a while. Some of our engineers would like to play with their own ESXi... The solution so far has been to spin up a VM on the development subnet, RDP into that VM and then access ESXi that way... Any ideas? [link] [comments]
What are some good python for network engineer courses, besides Kirk Byers? Posted: 01 Jun 2021 06:58 PM PDT Just want to see what other options are out there for training. My work pays for me to do training every year, so I think I am going to really focus on learning Python. Just want to see what other reputable classes there are to take for beginners with no Python experience. Not worried about price at all; there is really no limit on that. I have taken boot camps in the past through Global Knowledge, Infosec Institute, and others, so was leaning towards something like that. I was considering looking into a course on the CCNP ENAUTO, but wasn't sure how deep that actually dives into Python itself. [link] [comments]
Juniper MX map multiple inner tags to one outer tag Posted: 02 Jun 2021 06:06 AM PDT I have a Juniper MX in a lab terminating PPPoE sessions. I'm using an s-tag/c-tag setup. s-tag = 175 c-tag = 900 This config above works fine. How would I be able to map multiple c-tags (9xx) to one s-tag (175)? e.g. instead of just 900 I would have 900, 901, 902, 203, etc. I've had a look and I can see there is something called vlan-map. Not sure if I'm on the right track there. Does anybody have a working example of this? If I try to use inner-list I get this message: The vlan-bride encapsulation does not seem to be supported on demux. Thanks [link] [comments]
Clearing Solarwinds kiwi CatTools database Posted: 02 Jun 2021 06:03 AM PDT I'm currently using Kiwi CatTools 3.11 and I have a devices and activities list loaded, but I need to swap to another set of devices and activities. In the previous version, 3.8, of Kiwi CatTools all I had to do was delete the KiwiDB-CatTools.kdb database file and it would wipe the database clean and I could start fresh to import the new lists. The newer version does not allow me to do this: by deleting the database file and importing new devices and activities it will just add them to the existing list. I've tried searching through the manuals and Google but I'm at a loss. Does anyone know how to clear the database on 3.11 without having to reinstall CatTools? Thanks. [link] [comments]
Network design for new servers and switches. Design check and advice Posted: 01 Jun 2021 11:12 PM PDT Hi All, I've recently undertaken a project from an old IT system admin in the company I work for, with a few issues. The main issue is that the guy I have taken over from has passed away, taking with him a LOT of core system passwords, as he set up a lot of these and did not write/document them, or he did in encrypted files that are basically useless to me. I created a rack diagram that's basic and is my rough idea of the layout, so if you guys need an image link or that kind of thing I can provide that. Now I currently have 3 new servers on the way: 2 x R440, 1 x R540 (planning to run TrueNAS; open to suggestions), and 3x PowerSwitch N2248X-ON. The switches will be stacked, connected via 40 Gbps uplinks. Each server will have dual SFP+ connections, 4 Gigabit NICs and iDRAC Enterprise. I plan to have four networks, all class C (192.168.10.x, 192.168.15.x, 192.168.20.x, 192.168.200.x). I plan to run ESXi on the servers; however, my CEO with the last system admin preferred Hyper-V, as I dislike the idea of a Windows system running the core of servers for their need to shut down on the slightest update. 1) Are there other options besides ESXi/Hyper-V for enterprise (Proxmox)? 2) These servers will be supporting around 200 users. Are there any suggestions on the virtual setup of servers? Currently I plan to have 2 VMs to run just DCs and authentication, and 1 VM to run a "Utilities" server for DNS, WSUS and the like. Due to wireless access a UniFi controller must also be run on the servers. 3) Management tools is another big area I am not so familiar with, as I have really only assumed this role for this project. Can anyone suggest management tools?
We have used Spiceworks in the past; however, it has been buggy with AD authentication and the like, and I would like to move away from it if possible, so any suggestions would be greatly appreciated. 4) As for the router, it is a FortiGate 60F with 4 LAN ports, 3 ISP/WAN ports and 1 DMZ that is currently unused. My question is: does this topology currently sound like it will work fine? I have no one in my organisation to currently discuss this with, with the passing of my fellow IT member. Any advice or suggestions would be great. I've been doing networking for about 2 years now, but it's very different when you have to call the final shots, so thanks for any replies in advance :D [link] [comments]
You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion.